[shib_auth] Handling Anonymous users with shib_auth

Nate Klingenstein ndk at internet2.edu
Tue Jun 5 23:24:52 CEST 2012


Ravi,

Passive authentication is a different feature of SAML 2.0; it allows  
the SP to send an AuthnRequest to the IdP that includes the  
isPassive="true" flag.  This flag means the IdP should send an  
assertion if the user is already authenticated, but if the user is not  
authenticated, the IdP must not interact with the user and must send  
the user back to the SP with no assertion.  The general term for  
authenticating the user when the application requests it, but not  
before that, is "lazy authentication".

I think that checkbox is for passive authentication as described in  
the specifications and it should be unrelated to this issue.  However,  
one of the developers might be able to correct me.

Take care, and thanks for your use of Shibboleth and shib_auth,
Nate.

On Jun 5, 2012, at 20:57 , Ravi Verma wrote:

> In addition I also needed to make sure that the box "Enable passive  
> authentication" on Advance Setting tab of Shib Auth was not checked.  
> I had it checked by mistake and took 30 minutes to debug.
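
The passive exchange described in the reply above, seen from the SP side, as an added example that is not part of the original message and is not shib_auth or Shibboleth code. It builds an AuthnRequest with the passive flag (spelled `IsPassive` in the SAML 2.0 schema) and treats a `NoPassive` status with no assertion as an anonymous visitor rather than a failure. The function names and the sample response are constructed for illustration, and signature validation is assumed to happen elsewhere.

```python
import xml.etree.ElementTree as ET

# Namespaces and status URIs from the SAML 2.0 core specification.
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
STATUS_SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"
STATUS_NO_PASSIVE = "urn:oasis:names:tc:SAML:2.0:status:NoPassive"


def build_passive_authn_request(request_id, issuer, acs_url, issue_instant):
    """Serialize a minimal AuthnRequest that forbids IdP user interaction."""
    ET.register_namespace("samlp", NS["samlp"])
    ET.register_namespace("saml", NS["saml"])
    req = ET.Element(f"{{{NS['samlp']}}}AuthnRequest", {
        "ID": request_id, "Version": "2.0", "IssueInstant": issue_instant,
        "IsPassive": "true", "AssertionConsumerServiceURL": acs_url})
    ET.SubElement(req, f"{{{NS['saml']}}}Issuer").text = issuer
    return ET.tostring(req, encoding="unicode")


def classify_response(response_xml, expected_request_id):
    """Return 'authenticated', 'anonymous' or 'error' for an IdP response."""
    # Assumption: the message signature was verified before this call, and
    # untrusted XML is parsed with a hardened parser in production.
    root = ET.fromstring(response_xml)
    if root.get("InResponseTo") != expected_request_id:
        return "error"  # unsolicited or mismatched response
    codes = [c.get("Value")
             for c in root.findall("samlp:Status//samlp:StatusCode", NS)]
    has_assertion = root.find("saml:Assertion", NS) is not None
    if codes[:1] == [STATUS_SUCCESS] and has_assertion:
        return "authenticated"  # user already had an IdP session
    if STATUS_NO_PASSIVE in codes[1:] and not has_assertion:
        return "anonymous"      # IdP could not authenticate without interacting
    return "error"


def sample_response(in_response_to, top, second=None, assertion=False):
    """Constructed, unsigned sample IdP response for the checks above."""
    inner = f'<samlp:StatusCode Value="{second}"/>' if second else ""
    body = '<saml:Assertion ID="_a1" Version="2.0"/>' if assertion else ""
    return (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
            f'xmlns:saml="{NS["saml"]}" ID="_r1" Version="2.0" '
            f'InResponseTo="{in_response_to}"><samlp:Status>'
            f'<samlp:StatusCode Value="{top}">{inner}</samlp:StatusCode>'
            f'</samlp:Status>{body}</samlp:Response>')
```
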
